Hi all,
I hope this is the right forum for this question as I am having difficulty
with SSL and an ASP.NET 3.5 website. I could not seem to find an appropriate
forum on Social MSDN either.

I have deployed an ASP.NET 3.5 application to a Windows 2003 IIS6 server.
There are 10 domains and 15 separate websites, most sharing the same IP
address. Also the PLESK control panel is used to create the new
domains/websites.

The SSL cert is installed proerly and working fine.

When someone types in the domain name with HTTP instead of HTTPS, I want the
request to be redirected to the HTTPS site.

I have tried changing code in the Global.asax such as...
========
Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
If (HttpContext.Current.Request.IsSecureConnection.Equals(False)) Then
Response.Redirect("https://" + Request.ServerVariables("HTTP_HOST") +
HttpContext.Current.Request.RawUrl)
End If
End Sub
=======
THe code appears to run in the VS debugger but doesn't help. I still get...
=======
The page must be viewed over a secure channel
The page you are trying to access is secured with Secure Sockets Layer
(SSL).



Please try the following:
Type https:// at the beginning of the address you are attempting to reach
and press ENTER.
HTTP Error 403.4 - Forbidden: SSL is required to view this resource.
Internet Information Services (IIS)
=========

I also tried in IIS Manger, in the properties page for the website, to
redirect the URL on the Home tab to https://domain.com. But that didn't work
either.

It appears that the request is denied at a higher lever somehow.

I am at a loss...as I see this behavior is handled properly on most Linux
servers. Whay can't I get it to work on a Windows 2003 server?

Thanks for any help...

Brian Thanks!!!

Your "guess" was excellent.
In IIS Manager in the "Directory Security" tab I clicked "Edit" under
"Secure communications".
Then I unchecked the box "Require secure channel(SSL)".

Now the redirection in the Global.asax seems to be working just fine.

I will need to test the site more thoroughly, but it looks like everything
is running fine.

Thanks again and have a great day!

John

"Brian Cryer" <not.here@localhost> wrote in message
news:(E-Mail Removed)...
> "John Kotuby" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi all,
>> I hope this is the right forum for this question as I am having
>> difficulty with SSL and an ASP.NET 3.5 website. I could not seem to find
>> an appropriate forum on Social MSDN either.
>>
>> I have deployed an ASP.NET 3.5 application to a Windows 2003 IIS6 server.
>> There are 10 domains and 15 separate websites, most sharing the same IP
>> address. Also the PLESK control panel is used to create the new
>> domains/websites.
>>
>> The SSL cert is installed proerly and working fine.
>>
>> When someone types in the domain name with HTTP instead of HTTPS, I want
>> the request to be redirected to the HTTPS site.
>>
>> I have tried changing code in the Global.asax such as...
>> ========
>> Sub Application_BeginRequest(ByVal sender As Object, ByVal e As
>> EventArgs)
>> If (HttpContext.Current.Request.IsSecureConnection.Equals(False)) Then
>> Response.Redirect("https://" + Request.ServerVariables("HTTP_HOST") +
>> HttpContext.Current.Request.RawUrl)
>> End If
>> End Sub
>> =======
>> THe code appears to run in the VS debugger but doesn't help. I still
>> get...
>> =======
>> The page must be viewed over a secure channel
>> The page you are trying to access is secured with Secure Sockets Layer
>> (SSL).
>>
>>
>>
>> Please try the following:
>> Type https:// at the beginning of the address you are attempting to reach
>> and press ENTER.
>> HTTP Error 403.4 - Forbidden: SSL is required to view this resource.
>> Internet Information Services (IIS)
>> =========
>>
>> I also tried in IIS Manger, in the properties page for the website, to
>> redirect the URL on the Home tab to https://domain.com. But that didn't
>> work either.
>>
>> It appears that the request is denied at a higher lever somehow.
>>
>> I am at a loss...as I see this behavior is handled properly on most Linux
>> servers. Whay can't I get it to work on a Windows 2003 server?
>>
>> Thanks for any help...
>
> This is a guess, but I think the message "This page must be viewed over a
> secure channel" is coming from IIS. If so then its probably producing the
> message before/instead-of running your code, so my guess is that your
> redirection in Global.asax from non-secure to secure isn't being reached.
>
> If this is the case then try changing the security in IIS to say that it
> doesn't require SSL. (Clear the "Require secure channel (SSL)" check box.)
> By clearing that option IIS will then let your site run secure or
> non-secure. I suspect that your handler will then fire and redirect you
> from non-secure to secure.
>
> Hope this helps. Please post back how you get on.
> --
> Brian Cryer
> http://www.cryer.co.uk/brian
>
>